rp0jbJ %SrSSKrSSKrSSKrSSKrSSKrSSKJr SSKJ r J r J r SSK J r SSKJr SSKJr SS KJr SS KJrJr SS KJr "S S \ SS9r\R4\R4\R6\R6\R8\R8\R8\R8\R:\R:\R:\R:S. r\\ \\!/S44\"S'\RF"\RHS:aSOS5r%Sr&\ \'\ SS4\"S'\'"\("\RS555r*\ \'\ S4\"S'\+"1Sk5r,\ \+\ \"S'S\ S\ 4Sjr-S\ S\ 4Sjr.S \ S\\ \ 44S!jr/"S"S#5r0g)$av Digest authentication middleware for aiohttp client. This middleware implements HTTP Digest Authentication according to RFC 7616, providing a more secure alternative to Basic Authentication. It supports all standard hash algorithms including MD5, SHA, SHA-256, SHA-512 and their session variants, as well as both 'auth' and 'auth-int' quality of protection (qop) options. N)Callable)FinalLiteral TypedDict)URL)hdrs) ClientError)ClientHandlerType) ClientRequestClientResponse)Payloadc\\rSrSr%\\S'\\S'\\S'\\S'\\S'\\S'\\S'S rg ) DigestAuthChallengerealmnonceqop algorithmopaquedomainstaleN)__name__ __module__ __qualname____firstlineno__str__annotations____static_attributes__r_/home/wildlama/miniconda3/lib/python3.13/site-packages/aiohttp/client_middleware_digest_auth.pyrrs% J J HN K K Jr!rF)total) MD5zMD5-SESSSHAzSHA-SESSSHA256z SHA256-SESSzSHA-256z SHA-256-SESSSHA512z SHA512-SESSzSHA-512z SHA-512-SESSz hashlib._HashDigestFunctions) z:(?:^|\s|,\s*)(\w+)\s*=\s*(?:"((?:[^"\\]|\\.)*)"|([^\s,]+))z>(?:^|\s|,\s*)((?>\w+))\s*=\s*(?:"((?:[^"\\]|\\.)*)"|([^\s,]+)))rrrrrrr.CHALLENGE_FIELDSSUPPORTED_ALGORITHMS>urirrcnoncerresponseusernameQUOTED_AUTH_FIELDSvaluereturnc&URSS5$)z,Escape double quotes for HTTP header values."\"replacer2s r" escape_quotesr:ls ==e $$r!c&URSS5$)z-Unescape double quotes in HTTP header values.r6r5r7r9s r"unescape_quotesr<qs == $$r!headerc [RU5VVVs0sH3upnUR5=n(dMXB(a [U5OU_M5 snnn$s snnnf)aI Parse key-value pairs from WWW-Authenticate or similar HTTP headers. This function handles the complex format of WWW-Authenticate header values, supporting both quoted and unquoted values, proper handling of commas in quoted values, and whitespace variations per RFC 7616. Examples of supported formats: - key1="value1", key2=value2 - key1 = "value1" , key2="value, with, commas" - key1=value1,key2="value2" - realm="example.com", nonce="12345", qop="auth" Args: header: The header value string to parse Returns: Dictionary mapping parameter names to their values )_HEADER_PAIRS_PATTERNfindallstripr<)r=key quoted_val unquoted_val stripped_keys r"parse_header_pairsrFvs\,.C-J-J6-R -R )C\IIK 'L ' R Zoj1\Q-R  s AAc \rSrSrSrSS\S\S\SS4SjjrS \S \S \ \ S -S\4S jr S \S\4Sjr S\ S\4SjrS\S\S\ 4SjrSrg)DigestAuthMiddlewarea HTTP digest authentication middleware for aiohttp client. This middleware intercepts 401 Unauthorized responses containing a Digest authentication challenge, calculates the appropriate digest credentials, and automatically retries the request with the proper Authorization header. Features: - Handles all aspects of Digest authentication handshake automatically - Supports all standard hash algorithms: - MD5, MD5-SESS - SHA, SHA-SESS - SHA256, SHA256-SESS, SHA-256, SHA-256-SESS - SHA512, SHA512-SESS, SHA-512, SHA-512-SESS - Supports 'auth' and 'auth-int' quality of protection modes - Properly handles quoted strings and parameter parsing - Includes replay attack protection with client nonce count tracking - Supports preemptive authentication per RFC 7616 Section 3.6 Origin scoping: The credentials are scoped to the origin of the first request the middleware handles. A request to a different origin is passed through untouched, so it never receives a digest response computed from those credentials, unless that origin falls within a protection space the anchor origin advertised through the RFC 7616 ``domain`` directive. Make the first request through the middleware against the intended origin, as the anchor is pinned to it and not reset for the life of the instance. Standards compliance: - RFC 7616: HTTP Digest Access Authentication (primary reference) - RFC 2617: HTTP Authentication (deprecated by RFC 7616) - RFC 1945: Section 11.1 (username restrictions) Implementation notes: The core digest calculation is inspired by the implementation in https://github.com/requests/requests/blob/v2.18.4/requests/auth.py with added support for modern digest auth features and error handling. loginpassword preemptiver3NcUc [S5eUc [S5eSU;a [S5eXlURS5UlURS5UlSUlSUl0UlX0l/Ul SUl g)Nz"None is not allowed as login valuez%None is not allowed as password value:z8A ":" is not allowed in username (RFC 1945#section-11.1)utf-8r!r) ValueError _login_strencode _login_bytes_password_bytes_last_nonce_bytes _nonce_count _challenge _preemptive_protection_space_origin)selfrJrKrLs r"__init__DigestAuthMiddleware.__init__s =AB B  DE E %<WX X&+*/,,w*?-5__W-E!$/1!+,.#' r!methodurlbodyr!c x ^#^$# URnSU;a [S5eSU;a [S5eUSnUSnU(d [S5eURSS5nURSS 5nUR5n URS S5n UR S 5n UR S 5n [ U5R n SnS nU(aS S1RURS5Vs1sH*nUR5(dMUR5iM, sn5nU(d[SU35eSU;aSOS nUR S 5nU [;a$[SU SSR[535e[U m$S[S[4U$4Sjjm#S[S[S[4U#4SjjnSRURXR45nUR5SU 3R 5nUS:XaK[!U["5(aUR%5IShvN nOUnT#"U5nSRUU45nT#"U5nT#"U5nXR&:XaU=R(S- slOSUlXlUR(SnUR S 5n[*R,"S R[/UR(5R S 5U [0R2"5R S 5[4R6"S5/55R95SS nUR S 5nU R5R;S!5(aT#"SRUU U455nU(a SRU UUUU45nU"UU5nOU"USRU U455n[=UR>5[=U5[=U5U URA5US".nU (a[=U 5US 'U(aUUS'UUS#'UUS$'/n URC5H?un!n"U![D;aU RGU!S%U"S&35 M)U RGU!S'U"35 MA S(SRU 53$s snfGN{7f))a} Build digest authorization header for the current challenge. Args: method: The HTTP method (GET, POST, etc.) url: The request URL body: The request body (used for qop=auth-int) Returns: A fully formatted Digest authorization header string Raises: ClientError: If the challenge is missing required parameters or contains unsupported values rz:Malformed Digest auth challenge: Missing 'realm' parameterrz:Malformed Digest auth challenge: Missing 'nonce' parameterzBSecurity issue: Digest auth challenge contains empty 'nonce' valuerrr$rrOr!authzauth-int,zEDigest auth error: Unsupported Quality of Protection (qop) value(s): z/Digest auth error: Unsupported hash algorithm: z. Supported algorithms: z, xr3cL>T"U5R5R5$)z.H s1:'')002 2r!sdc4>T"SRX455$)zDRFC 7616 Section 3: KD(secret, data) = H(concat(secret, ":", data)).:)join)rkrlris r"KD(DigestAuthMiddleware._encode..KD$sTYYv&' 'r!rnrNNr08xz-SESS)r0rrr-r/rncr.z="r5=zDigest )$rWr getupperrRr raw_path_qs intersectionsplitrAr(ror,bytesrSrT isinstanceras_bytesrUrVhashlibsha1rtimectimeosurandomrgendswithr:rQdecodeitemsr1append)%r[r^r_r` challengerrqop_rawalgorithm_originalrr nonce_bytes realm_bytespathr qop_bytesq valid_qopsrpA1A2 entity_bytes entity_hashHA1HA2ncvalue ncvalue_bytesr. cnonce_bytesnoncebitresponse_digest header_fieldspairsfieldr2rirhs% @@r"_encodeDigestAuthMiddleware._encodes"OO ) #L  ) #L  '"'"T --r*&]];>&,,. x,ll7+ ll7+ 3x##  *-::$+MM#$6D$6q!'')$6DJ![\c[de!+j 8*fC 7+I O +A)M))-3G)H(IK )3 3 35 3 (% (E (e ( YY));8L8LM N q ' . . 0 * $((%)]]_4 # L/KB ,-Bee 00 0    "  !D !,&&s+w/  HH))*11':JJL''0JJqM     )+cr }}W-  ??  % %g . .DIIsK>?@C yym\9cJH!h/O diic0B&CDO &doo6"5)"5)'..0+  &3F&;M( # #&M% ")M$ &,M( #)//1LE5** wbq12 waw/0 2 5)*++SE< 5s&C3R:7R2R2(DR:<R7=I;R:c[U5nURHRnURU5(dM[U5[U5:Xd USS:Xa gU[U5S:XdMR g g)z Check if the given URL is within the current protection space. According to RFC 7616, a URI is in the protection space if any URI in the protection space is a prefix of it (after both have been made absolute). /TF)rrY startswithlen)r[r_ request_str space_strs r"_in_protection_space)DigestAuthMiddleware._in_protection_spacezsi#h //I)))44;3y>1Yr]c5I3y>*c10r!r/c URS:wagURRSS5nU(dgURS5up4nU(dgUR 5S:wagU(dg[ U5=n(dg0Ul[H'nURU5=ncMXR U'M) URR5n UR RS5=n (a/Ul U R5Hn U RS5n U RS 5(a>URR[U R![#U 5555 MhURR[[#U 555 M O[U 5/Ul [%UR 5$) zr Takes the given response and tries digest-auth, if needed. Returns true if the original request must be resent. iFzwww-authenticaterb digestrr5r)statusheadersrw partitionlowerrFrWr+r_originrYr{rArrrrorbool) r[r/ auth_headerr^sepr header_pairsrr2rrr-s r" _authenticate"DigestAuthMiddleware._authenticatesu ??c !&&**+=rB *44S9W <<>X %!37 ;; ;%E%))%00=).&& $$&__((2 26 2%'D "||~iin>>#&&**11#fkk#c(6K2LM**11#c#h-@&'*&k]D "DOO$$r!requesthandlerc# URR5nURcX0lO?X0R:wa0URUR5(dU"U5IShvN $Sn[ S5HnUS:dBUR (aUR (atURUR5(aTURURURUR5IShvN UR[R'U"U5IShvN nURU5(aM O UceU$NNTN+7f)zRun the digest auth middleware.Nr)r_rrZrrangerXrWrr^r`rr AUTHORIZATIONr)r[rrrr/ retry_counts r"__call__DigestAuthMiddleware.__call__s##% << !L || #D,E,Egkk,R,R )) ) 8KQ  OO--gkk::<@LLNNGKK=7 2 23 %W--H%%h//%$*###3*7 .s=A)E+E,BE<E=*E'E(E EEE) rWrUrSrQrVrZrTrXrY)T)rrrr__doc__rrr\rrrrrr rr r rr rr!r"rHrHs%V ((( (  (8c,Cc,cc,73<9Oc,TWc,J(9%n9%9%v%$%/@% %r!rH)1rrrresysrcollections.abcrtypingrrryarlrrbr client_exceptionsr client_middlewaresr client_reqrepr r payloadrrmd5rsha256sha512r(dictrr|rcompile version_infor?r+tuplesortedkeysr, frozensetr1r:r<rFrHrr!r"rs $,,*18)5 ;; << nn>>~~NNnn>>~~NN Bc8UG_$<==> "  '!B J< % QRTWW  05VO